Eddy Nigg (StartCom Ltd.) wrote: > Just for the better understanding, but there is no preferential > treatment for any type of certification authorities. The only exception > which has been made, was the recent adding of roots and acceptance of > CAs which issue extended validation (EV) certificates.
For the record, that's not *quite* true. In the past we had a concern about including root CA certificates for government-operated CAs below the country level, e.g., CAs operated by municipalities and regional governments. Our concern was based on the impact on browser footprint (especially for mobile Firefox) of adding root CA certificate data for what could turn out to be hundreds of government CAs, combined with the time that we'd have to spend evaluating requests from all those CAs. Because of that we postponed considering applications from regional/local government CAs, including ACCV if I recall correctly. We've discussed whether our official policy should address the question of including government CAs below the country level, but we never could reach consensus on what to do. One option we considered was having localized versions of the root store, so that, for example, Firefox users would not see roots for ACCV, etc., unless they were using one of the Firefox versions localized for Spain and its regions (e.g., es-ES, eu, ca, etc.). However there was strong opposition expressed to having localized root lists, and in any case we don't currently have the technical capability to do that. Given the lack of consensus, I think the best course is simply to consider requests from local/regional government CAs on a first-come, first-served basis, just as we do for requests from commercial CAs. However I believe we should prioritize requests for country-level government CAs over requests for local/regional government CAs, whether in the same country or a different one. Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
